Re: [mediacapture-main] Iframe sandboxing options for gUM

Given that the document in a same-origin iframe could just add the 
attribute to the iframe itself, it does seem a bit pointless to 
require the attribute in that case. If that change were made to HTML 
then the move to require the `allowusermedia` attribute might work 
out. 
https://www.chromestatus.com/metrics/feature/timeline/popularity/1145 
measures cross-origin iframes only, and that then becomes the relevant
 metric.

@alvestrand, are you interested in trying this change in Blink?

I have a lingering doubt that things still aren't going to be very 
consistent. I checked how Geolocation works, because it also has 
permission prompts. There, at least Chrome allows requests from 
cross-origin iframes and shows UI using the iframe's origin. 
Notifications is another API with an upfront permission prompt. Should
 we try to get the same story for all APIs with a similar model, and 
would that mean lots of new allow* attributes?

-- 
GitHub Notification of comment by foolip
Please view or discuss this issue at 
https://github.com/w3c/mediacapture-main/issues/268#issuecomment-231335784
 using your GitHub account

Received on Friday, 8 July 2016 11:17:27 UTC